openjdk
8339280: jarsigner -verify performs cross-checking between CEN and LOC
Hi, this is a backport of openjdk/jdk11u-dev#3098. The backport isn't clean, because of the following:
- File paths that require adjustment for 8u
- In
Main.java, trivial context differences and code that needs adjustment from 11u to 8u:-
java.nio.file.Path.of()⟶java.nio.file.Paths.get() -
InputStream::transferTo(OutputStream.nullOutputStream())⟶ original code before a review suggestion
-
- In the test (
VerifyJarEntryName.java), code that needs adjustment from 11u to 8u:-
@library /test/lib⟶@library /lib/testlibrary - JUnit 5 ⟶ JUnit 4
-
org.junit.jupiter.api.BeforeAll⟶org.junit.BeforeClass -
org.junit.jupiter.api.BeforeEach⟶org.junit.Before -
org.junit.jupiter.api.Test⟶org.junit.Test -
java.nio.file.Path.of()⟶java.nio.file.Paths.get() -
@BeforeClass,@Beforeand@Testmethods must be public
-
- Can't use
var -
Arrays.equals(a, start, end, b, 0, b.length)⟶Arrays.equals(Arrays.copyOfRange(a, start, end), b)(Arrays::equalswith offsets not present in 8u)
-
- ~~NOTE: for the Japanese manpages translation approach, please refer to openjdk/jdk11u-dev#3098~~
- ~~I updated
jdk/src/linux/doc/man/ja/jarsigner.1andjdk/src/solaris/doc/sun/man/man1/ja/jarsigner.1(identical), and leftdk/src/bsd/doc/man/ja/jarsigner.1untouched (doesn't have any content besides the headers)~~ - $\mbox{\color{red}UPDATE}$ (28348b29f892b685d9098c4560128a8bfb206afd): all the internationalized messages have been removed, as they aren't typically included in backports (thanks @jerboaa for letting me know).
- ~~I updated
Related issues ("relates to" Jira issue links)
JDK-8353299 (openjdk/jdk@acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and JDK-8367782 (openjdk/jdk@1b9a11682d5f73885213822423bfce8dfc17febd) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of VerifyJarEntryName.java.
Since test/hotspot/jtreg/runtime/appcds/SignedJar.java is not present in 8u, JDK-8353330 was not included.
Testing
- Besides the
tier1run from the GitHub actions (similar results as the currentmasterrun), I ran a regression using the following categories and individual tests:-
jdk/test/com/sun/jarsigner -
jdk/test/java/security/SignedJar -
jdk/test/java/util/jar -
jdk/test/sun/security/pkcs/pkcs7 -
jdk/test/sun/security/tools/jarsigner- Includes
VerifyJarEntryName.java, created for this issue
- Includes
-
jdk/test/sun/security/tools/keytool
-
No regressions were found against the current master branch (9a4bc2d205c9b8b5f743f16a2ea8b85d6cb6924b).
Progress
- [ ] Change must be properly reviewed (1 review required, with at least 1 Reviewer)
- [x] Change must not contain extraneous whitespace
- [x] Commit message must refer to an issue
- [ ] JDK-8339280 needs maintainer approval
- [ ] JDK-8353299 needs maintainer approval
- [ ] JDK-8367782 needs maintainer approval
Issues
- JDK-8339280: jarsigner -verify performs cross-checking between CEN and LOC (Enhancement - P4)
- JDK-8353299: VerifyJarEntryName.java test fails (Bug - P3)
- JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName (Bug - P4)
Reviewers
- Alexey Bakhtin (@alexeybakhtin - Committer)
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/699/head:pull/699
$ git checkout pull/699
Update a local copy of the PR:
$ git checkout pull/699
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/699/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 699
View PR using the GUI difftool:
$ git pr show -t 699
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/699.diff
Using Webrev
:wave: Welcome back fferrari! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.
![bridgekeeper[bot] avatar](https://avatars.githubusercontent.com/u/41768318?v=4 "Published by a pub.dev verified publisher"){kind=small}
@franferrax This change now passes all automated pre-integration checks.
After integration, the commit message for the final commit will be:
8339280: jarsigner -verify performs cross-checking between CEN and LOC
8353299: VerifyJarEntryName.java test fails
8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName
Reviewed-by: abakhtin, sgehwolf, andrew
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.
At the time when this comment was updated there had been 18 new commits pushed to the master branch:
- 8304a7607b394f54ba97fb857d721fd16c9a026b: 8212678: Windows IME related patch
- f67be21a7ff6de67f415ed652cccbfcc59d2ae75: 8211804: Constant AO_UNUSED_MBZ uses left shift of negative value
- fcd1361e9e661620dfa6e8b0b35f994c4f9a23f1: 8371387: [8u] hotspot needs to recognise latest VS2022
- ... and 15 more: https://git.openjdk.org/jdk8u-dev/compare/9a4bc2d205c9b8b5f743f16a2ea8b85d6cb6924b...master
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.
As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@alexeybakhtin, @jerboaa, @gnu-andrew) but any other Committer may sponsor as well.
➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).
@franferrax
Adding additional issue to issue list: 8353299: VerifyJarEntryName.java test fails.
@franferrax
Adding additional issue to issue list: 8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName.
@franferrax This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply issue a /touch or /keepalive command to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
@gnu-andrew, @jerboaa: please consider these issues for jdk8u482. Also, I will need an additional look from a Reviewer in 8u updates.
⚠️ @franferrax This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.
/approval request JDK-8339280 enhances the jarsigner utility with cross-validation of JAR entries. Subsequent test updates (JDK-8353299 & JDK-8367782) are included for better reliability and coverage. Please find details about the testing in the pull request description.
@franferrax 8339280: The approval request has been created successfully. 8353299: The approval request has been created successfully. 8367782: The approval request has been created successfully.
I'm confused by some of the comments in the PR. I don't see any
varusage in the 11u patch, which I presume would have to be taken out already for that backport, and it also has the additional bug IDs.
Hi @gnu-andrew, I'm realizing the comment is very confusing, sorry for that. It was meant to describe the JDK-8339280 backport only, as the other two issues were mentioned in the Related issues ("relates to" Jira issue links) section. It should be clearer with the order of events:
-
JDK-8339280 is the main change, it included a test case that was later failing (the test had 2
varusages) - JDK-8353299 is the original fix to the test case, I found it didn't address the root cause of the test failure
-
JDK-8367782 is a new fix I proposed in mainline before starting the backports (the
varusages were removed there)
I also don't see any discussion about translations and I'm not aware of this policy of not including these changes. What is the reason for this?
In https://github.com/openjdk/jdk21u-dev/pull/2235#pullrequestreview-3245163053, Severin explained to me that we don't include internationalization changes in backports, when those changes come from bulk updates. In this case, I was taking the translations from JDK-8359761: JDK 25 RDP1 L10n resource files update (openjdk/jdk@da7080fffb2389465dc9afca6d02e9085fe15302).
Thanks for the extra information. I thought you were saying the translations shouldn't be updated at all, but it seems it was more that they shouldn't be mixed into a backport of another change they weren't part of. I do question that they will ever get updated in bulk though, so that is something we should probably look into under another PR.
This one should be good to go though. Thanks for clarifying.
@gnu-andrew 8339280: The approval request has been approved. 8353299: The approval request has been approved. 8367782: The approval request has been approved.
@franferrax Your change (at version 28348b29f892b685d9098c4560128a8bfb206afd) is now ready to be sponsored by a Committer.
Going to push as commit 5452da9aa2428b6fa143ea3af9cc7d261abf99b3.
Since your change was applied there have been 18 commits pushed to the master branch:
- 8304a7607b394f54ba97fb857d721fd16c9a026b: 8212678: Windows IME related patch
- f67be21a7ff6de67f415ed652cccbfcc59d2ae75: 8211804: Constant AO_UNUSED_MBZ uses left shift of negative value
- fcd1361e9e661620dfa6e8b0b35f994c4f9a23f1: 8371387: [8u] hotspot needs to recognise latest VS2022
- ... and 15 more: https://git.openjdk.org/jdk8u-dev/compare/9a4bc2d205c9b8b5f743f16a2ea8b85d6cb6924b...master
Your commit was automatically rebased without conflicts.
@jerboaa @franferrax Pushed as commit 5452da9aa2428b6fa143ea3af9cc7d261abf99b3.
:bulb: You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.